TWI644556B - Know your customer (kyc) data sharing system with privacy and method thereof - Google Patents
Know your customer (kyc) data sharing system with privacy and method thereof Download PDFInfo
- Publication number
- TWI644556B TWI644556B TW106116442A TW106116442A TWI644556B TW I644556 B TWI644556 B TW I644556B TW 106116442 A TW106116442 A TW 106116442A TW 106116442 A TW106116442 A TW 106116442A TW I644556 B TWI644556 B TW I644556B
- Authority
- TW
- Taiwan
- Prior art keywords
- data
- kyc
- contract
- registration
- client
- Prior art date
Links
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
一種具隱密性的KYC資料共享系統及其方法,透過客戶端提供KYC資料至權責端以進行加密、簽章及發布至區塊鏈網路,並且在區塊鏈網路上執行智能合約,使客戶端、權責端及金融端能夠執行智能合約的函式及偵測智能合約的事件,以便在金融端請求查詢KYC資料時,客戶端能夠針對不同資料項目設定授權權限,接著由金融端直接透過客戶端接收授權的資料項目,再驗證資料項目是否經權責端認證以確定是否進行審閱,用以提高KYC資料的隱密性、可用性及內容統一性之技術功效。A hidden KYC data sharing system and method thereof, which provide KYC data to the right side by the client for encryption, signature and distribution to the blockchain network, and execute the smart contract on the blockchain network, Enable the client, the authority and the financial terminal to execute the smart contract function and detect the smart contract event, so that when the financial side requests to query the KYC data, the client can set the authorization authority for different data items, and then the financial side Receive the authorized data items directly through the client, and then verify whether the data items are certified by the authority to determine whether to review, to improve the confidentiality, usability and content uniformity of the KYC data.
Description
本發明涉及一種資料共享系統及其方法,特別是具隱密性的KYC資料共享系統及其方法。The invention relates to a data sharing system and a method thereof, in particular to a hidden KYC data sharing system and a method thereof.
近年來,隨著金融科技的推廣與蓬勃發展,各種基於金融科技的應用便如雨後春筍般出現,然而,為了提供合適的金融商品給客戶,甚至避免洗錢的情況發生,金融機構會要求客戶填寫一份「認識你的客戶(Know Your Customer, KYC)」之資料。In recent years, with the promotion and vigorous development of financial technology, various applications based on financial technology have sprung up. However, in order to provide suitable financial products to customers and even avoid money laundering, financial institutions will require customers to fill out one. Information on "Know Your Customer (KYC)".
一般而言,金融機構可以根據KYC資料,了解客戶對投資風險的承受能力,進而提供合適的金融商品,也能夠實現客戶身分認證、背景與信用記錄的查核。不過,由於每一個金融機構皆會要求填寫KYC資料,當來往的金融機構數量眾多時,重複填寫相同內容的KYC資料將造成客戶的困擾與不便,由於無法僅填寫一份KYC資料供所有金融機構使用,故具有KYC資料的可用性不佳的問題。另外,在不同時間點填寫的KYC資料,其內容可能也不盡相同,造成內容統一性不佳的問題。In general, financial institutions can understand the customer's ability to withstand investment risks based on KYC data, and then provide appropriate financial products, as well as customer identity certification, background and credit record checks. However, since every financial institution will require KYC information to be filled in. When there are a large number of financial institutions, repeated filling of KYC data of the same content will cause confusion and inconvenience to customers, because it is impossible to fill out only one KYC information for all financial institutions. Used, it has the problem of poor usability of KYC data. In addition, the content of KYC materials filled in at different time points may not be the same, resulting in poor uniformity of content.
有鑑於此,便有廠商提出將KYC資料儲存在客戶端的技術手段,提供客戶在金融機構開戶時使用。然而此一方式需要金融機構願意配合,而且同樣無法解決在不同時間點的KYC資料,其內容可能不盡相同的問題。另外,亦有人提出將KYC資料存放於雲端供金融機構共用,然而,存放於雲端的KYC資料容易遭到竄改,所以如何使各金融機構信任存放於雲端的KYC資料便是一大問題,而且存放於雲端的KYC資料也容易有隱私洩漏的情況發生。In view of this, there are manufacturers who propose to store KYC data on the client's technical means to provide customers with access to financial institutions. However, this approach requires financial institutions to cooperate, and it is also unable to solve KYC data at different points in time, and its content may not be the same. In addition, some people have proposed to store KYC data in the cloud for financial institutions to share. However, KYC data stored in the cloud is easily falsified, so how to make financial institutions trust KYC data stored in the cloud is a big problem, and it is a problem. KYC data in the cloud is also prone to privacy leaks.
綜上所述,可知先前技術中長期以來一直存在KYC資料的隱密性、可用性及內容統一性不佳之問題,因此實有必要提出改進的技術手段,來解決此一問題。In summary, it can be seen that the prior art has long been a problem of the confidentiality, usability, and unsatisfactory content of KYC data. Therefore, it is necessary to propose improved technical means to solve this problem.
本發明揭露一種具隱密性的KYC資料共享系統及其方法。The invention discloses a hidden KYC data sharing system and a method thereof.
首先,本發明揭露一種具隱密性的KYC資料共享系統,應用在執行智能合約的區塊鏈網路,此系統包含:權責端、客戶端及金融端。其中,所述權責端包含:初始模組、驗證模組及註冊模組。其中,所述初始模組用以於初始時,透過區塊鏈交易發布KYC資料註冊合約以提供註冊及更新KYC資料合約,以及透過區塊鏈交易發布KYC資料請求註冊合約以提供註冊及記錄KYC資料請求合約,其中,所述KYC資料註冊合約包含資料註冊事件及資料更新事件,所述KYC資料請求註冊合約包含請求註冊事件及授權回應事件;所述驗證模組用以接收KYC資料以進行驗證,此KYC資料包含多個資料項目,以及根據客戶端公鑰分別對通過驗證的KYC資料中的每一資料項目進行加密生成相應的第一加密內容,再根據權責端私鑰對每一資料項目的雜湊值進行簽章生成相應的雜湊簽章值;註冊模組用以透過區塊鏈交易發布包含帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值的KYC資料合約,並且獲得對應的KYC資料合約地址,以及將此KYC資料合約地址註冊在KYC資料註冊合約中,用以觸發資料註冊事件產生註冊完成通知。First of all, the present invention discloses a hidden KYC data sharing system, which is applied to a blockchain network that executes a smart contract. The system includes: an authority, a client, and a financial terminal. The authority side includes: an initial module, a verification module, and a registration module. The initial module is used to initially issue a KYC data registration contract through a blockchain transaction to provide registration and update of a KYC data contract, and to issue a KYC data through a blockchain transaction to request a registration contract to provide registration and record KYC. A data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event; and the verification module is configured to receive KYC data for verification The KYC data includes a plurality of data items, and each of the verified KYC data is encrypted according to the client public key to generate a corresponding first encrypted content, and then each data is based on the right and left private key. The hash value of the item is signed to generate the corresponding hash signature value; the registration module is used to issue the account address, the first encrypted content of each data item, and the hash signature value of each data item through the blockchain transaction. KYC data contract, and obtain the corresponding KYC data contract address, and register this KYC data contract address in KYC Registration contract for registered event trigger data generated registration completion notification.
接著,所述客戶端包含:生成模組、偵測模組及加解密模組。其中,生成模組用以生成KYC資料,並且將此KYC資料傳送至權責端;偵測模組用以持續偵測資料請求通知,當偵測到資料請求通知且其包含的帳號地址與所述客戶端其中之一相符後,由相符的客戶端自區塊鏈網路中讀取對應客戶端的KYC資料合約以獲得其中的帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值,並且允許設定每一資料項目的授權權限;加解密模組用以根據授權權限及客戶端私鑰對獲得的每一資料項目的第一加密內容進行解密,以及產生一組密鑰對解密後的每一資料項目進行加密生成相應的第二加密內容,再以金融端公鑰對此組密鑰進行加密生成一組加密密鑰,並且傳送每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰以觸發授權回應事件產生授權回應通知。Then, the client includes: a generating module, a detecting module, and an encryption and decryption module. The generating module is configured to generate KYC data, and the KYC data is transmitted to the right side; the detecting module is configured to continuously detect the data request notification, and when the data request notification is detected and the account address and the address thereof are included After one of the clients meets, the matching client reads the KYC data contract of the corresponding client from the blockchain network to obtain the account address, the first encrypted content of each data item, and each data item. The hash signature value, and allows permission to set each data item; the encryption and decryption module is used to decrypt the first encrypted content of each data item obtained according to the authorization authority and the client private key, and generate a group The key encrypts each decrypted data item to generate a corresponding second encrypted content, and then encrypts the group key with the financial side public key to generate a set of encryption keys, and transmits a second encryption of each data item. The content, the hash signature value of each data item, and the set of encryption keys are used to trigger an authorization response event to generate an authorization response notification.
至於所述金融端,其包含:請求模組、接收模組及審閱模組。其中,請求模組用以在請求所述客戶端的KYC資料時,透過區塊鏈交易發布對應所述客戶端的KYC資料請求合約,並且將KYC資料請求合約註冊在KYC資料請求註冊合約中,用以觸發請求註冊事件產生資料請求通知;接收模組用以持續偵測KYC資料請求註冊合約的授權回應事件,當授權回應事件被觸發產生授權回應通知後,接收每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰,並且以金融端私鑰解密此組加密密鑰以獲得一組密鑰,再以此組密鑰解密每一資料項目的第二加密內容;審閱模組用以根據權責端公鑰及每一資料項目的雜湊簽章值,對已解密的每一資料項目執行雜湊值及簽章的驗證,並且在通過驗證且確認雜湊簽章值由權責端生成時,對已解密的每一資料項目進行審閱。The financial terminal includes: a request module, a receiving module, and a review module. The requesting module is configured to, when requesting the KYC data of the client, issue a KYC data request contract corresponding to the client through a blockchain transaction, and register the KYC data request contract in the KYC data request registration contract, The trigger request registration event generates a data request notification; the receiving module is configured to continuously detect the KYC data request registration contract authorization response event, and when the authorization response event is triggered to generate the authorization response notification, receive the second encrypted content of each data item, a hash signature value of each data item and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain a set of keys, and then decrypting the second encryption of each data item with the set of keys The content review module is configured to perform the verification of the hash value and the signature of each data item that has been decrypted according to the public key of the authority and the hash signature value of each data item, and verify and confirm the hash signature. When the value is generated by the authority, each data item that has been decrypted is reviewed.
另外,本發明揭露一種具隱密性的KYC資料共享方法,應用在執行智能合約的區塊鏈網路,其步驟包括:權責端於初始時,透過區塊鏈交易發布KYC資料註冊合約以提供註冊及更新KYC資料合約,以及透過區塊鏈交易發布KYC資料請求註冊合約以提供註冊及記錄KYC資料請求合約,其中,KYC資料註冊合約包含資料註冊事件及資料更新事件,KYC資料請求註冊合約包含請求註冊事件及授權回應事件;客戶端生成對應的KYC資料,並且將KYC資料傳送至權責端,KYC資料包含多個資料項目;權責端驗證接收到的KYC資料,並且根據客戶端公鑰分別對通過驗證的KYC資料中的每一資料項目進行加密生成相應的第一加密內容,再根據權責端私鑰對每一資料項目的雜湊值進行簽章生成相應的雜湊簽章值;權責端透過區塊鏈交易發布包含帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值的KYC資料合約,並且獲得對應的KYC資料合約地址,以及將此KYC資料合約地址註冊在KYC資料註冊合約中,用以觸發資料註冊事件產生註冊完成通知;金融端在請求客戶端的KYC資料時,透過區塊鏈交易發布對應客戶端的KYC資料請求合約,並且將KYC資料請求合約註冊在KYC資料請求註冊合約中,用以觸發請求註冊事件產生資料請求通知;客戶端偵測到資料請求通知且其包含的帳號地址與所述客戶端其中之一相符後,由相符的客戶端自區塊鏈網路中讀取對應客戶端的KYC資料合約以獲得其中的帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值,並且允許設定每一資料項目的授權權限;客戶端根據此授權權限及客戶端私鑰對獲得的每一資料項目的第一加密內容進行解密,以及產生一組密鑰對解密後的每一資料項目進行加密生成相應的第二加密內容,再以金融端公鑰對此組密鑰進行加密生成一組加密密鑰,並且傳送每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰以觸發授權回應事件產生授權回應通知;金融端持續偵測KYC資料請求註冊合約的授權回應事件,當授權回應事件被觸發產生授權回應通知後,接收每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰,並且以金融端私鑰解密此組加密密鑰以獲得一組密鑰,再以此組密鑰解密每一資料項目的第二加密內容;金融端根據權責端公鑰及每一資料項目的雜湊簽章值,對已解密的每一資料項目執行雜湊值及簽章的驗證,並且在通過驗證且確認雜湊簽章值由權責端生成時,對已解密的每一資料項目進行審閱。In addition, the present invention discloses a hidden KYC data sharing method, which is applied to a blockchain network that executes a smart contract, and the steps include: the rights and obligations end to issue a KYC data registration contract through the blockchain transaction at the initial time. Provide registration and update of KYC data contracts, and issue KYC information through blockchain transactions to request registration contracts to provide registration and record KYC data request contracts. The KYC data registration contract includes data registration events and data update events, and KYC materials request registration contracts. The request registration event and the authorization response event are included; the client generates the corresponding KYC data, and transmits the KYC data to the authority side, the KYC data includes multiple data items; the authority verifies the received KYC data, and according to the client public The key respectively encrypts each data item in the verified KYC data to generate a corresponding first encrypted content, and then generates a corresponding hash signature value according to the hash value of each data item according to the right and left private key; The rights and responsibilities end through the blockchain transaction, including the account address, the first encrypted content of each data item, and each The KYC data contract of the hash sign value of the item, and the corresponding KYC data contract address, and the KYC data contract address are registered in the KYC data registration contract to trigger the registration of the data registration event to generate the registration completion notice; When requesting the KYC data of the client, the KYC data request contract corresponding to the client is issued through the blockchain transaction, and the KYC data request contract is registered in the KYC data request registration contract to trigger the request registration event to generate the data request notification; the client Detect After the data request notification is detected and the account address included therein matches one of the clients, the matching client reads the KYC data contract of the corresponding client from the blockchain network to obtain the account address, each The first encrypted content of a data item and the hash signature value of each data item, and allows the authorization authority of each data item to be set; the client obtains the first item of each data item according to the authorization authority and the client private key pair. Decrypting the encrypted content and generating a set of keys to add each decrypted data item Generating a corresponding second encrypted content, and then encrypting the group key with the financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and The group encryption key generates an authorization response notification by triggering the authorization response event; the financial terminal continuously detects the authorization response event of the KYC data request registration contract, and receives the second authorization of each data item after the authorization response event is triggered to generate the authorization response notification. Encrypting the content, the hash signature value of each data item, and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain a set of keys, and then decrypting each data item with the group key The second encrypted content; the financial end performs the verification of the hash value and the signature on each data item that has been decrypted according to the public key of the right and the public and the hash signature value of each data item, and passes the verification and confirms the hash signature When the value is generated by the authority, each data item that has been decrypted is reviewed.
本發明所揭露之系統與方法如上,與先前技術的差異在於本發明是透過客戶端提供KYC資料至權責端以進行加密、簽章及發布至區塊鏈網路,並且在區塊鏈網路上執行智能合約,使客戶端、權責端及金融端能夠執行智能合約的函式及偵測智能合約的事件,以便在金融端請求查詢KYC資料時,客戶端能夠針對不同資料項目設定授權權限,接著由金融端直接透過客戶端接收授權的資料項目,再驗證資料項目是否經權責端認證以確定是否進行審閱。The system and method disclosed in the present invention are as above, and the difference from the prior art is that the present invention provides KYC data to the right side through the client for encryption, signature and distribution to the blockchain network, and in the blockchain network. Execute smart contracts on the road, enabling clients, authorities, and financial terminals to execute smart contract functions and detect smart contract events, so that when the financial side requests to query KYC data, the client can set authorization rights for different data items. Then, the financial terminal directly receives the authorized data item through the client, and then verifies whether the data item is authenticated by the authority to determine whether to review.
透過上述的技術手段,本發明可以達成提高KYC資料的隱密性、可用性及內容統一性之技術功效。Through the above technical means, the present invention can achieve the technical effect of improving the confidentiality, usability and content uniformity of KYC data.
以下將配合圖式及實施例來詳細說明本發明之實施方式,藉此對本發明如何應用技術手段來解決技術問題並達成技術功效的實現過程能充分理解並據以實施。The embodiments of the present invention will be described in detail below with reference to the drawings and embodiments, so that the application of the technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented.
在說明本發明所揭露之具隱密性的KYC資料共享系統及其方法之前,先對本發明所應用的環境作說明,本發明是應用在執行智能合約的區塊鏈網路中,在區塊鏈網路中的計算機設備皆可視為區塊鏈節點,所述區塊鏈節點透過點對點(Peer to Peer)方式連接,並且用以處理區塊鏈交易(Blockchain Transactions)。在實際實施上,計算機設備可為伺服器、電腦主機、筆記型電腦、平板電腦等等,用以執行電腦程式指令,例如:區塊鏈程式「Ethereum」。另外,所述智能合約是指依據既定的條件及傳輸的資訊來驅動執行指令的電腦程式,在實際實施上,所述智能合約係透過程式語言,如:Solidity、Serpent、LLL、EtherScript、Sidechain等等來撰寫,其可包含各種不同的函式、事件、參數狀態等等,以區塊鏈程式「Ethereum」為例,其智能合約是經編譯後得到二進位編碼及應用二進位介面(Application Binary Interface, ABI),以便將智能合約廣播至區塊鏈網路,等候礦工(Miner)將智能合約放上區塊鏈並得到相應的地址,至此即完成智能合約的「發布」。之後,區塊鏈網路節點便可根據此地址執行相應的智能合約,藉由不同的指令來改變智能合約在區塊鏈上的狀態。特別要說明的是,文中所述的「KYC資料註冊合約」、「KYC資料合約」、「KYC資料請求註冊合約」、「KYC資料請求合約」、「KYC評等合約」、「KYC評等註冊合約」、「KYC執行註冊合約」、「KYC資料執行合約」、「帳號連結合約」等合約皆為智能合約,至於文中所提及的「註冊」,則是指透過執行智能合約中的函式,建立不同智能合約之間的地址對應關係,以下便針對前述各智能合約作簡要說明:Before describing the cryptographic KYC data sharing system and method thereof disclosed in the present invention, the environment to which the present invention is applied will be described. The present invention is applied to a blockchain network that executes smart contracts in a block. The computer devices in the chain network can be regarded as blockchain nodes, which are connected by peer-to-peer (Peer to Peer) and used to process blockchain transactions. In practical implementation, the computer device can be a server, a computer host, a notebook computer, a tablet computer, etc., for executing computer program instructions, such as the blockchain program "Ethereum". In addition, the smart contract refers to a computer program that drives an execution instruction according to a predetermined condition and transmitted information. In actual implementation, the smart contract is through a programming language such as Solidity, Serpent, LLL, EtherScript, Sidechain, etc. To write, it can contain a variety of different functions, events, parameter states, etc., using the blockchain program "Ethereum" as an example, its smart contract is compiled to obtain binary encoding and application binary interface (Application Binary Interface, ABI), in order to broadcast the smart contract to the blockchain network, waiting for the miner (Miner) to put the smart contract on the blockchain and get the corresponding address, thus completing the "release" of the smart contract. After that, the blockchain network node can execute the corresponding smart contract according to the address, and change the state of the smart contract on the blockchain by different instructions. In particular, the "KYC Data Registration Contract", "KYC Data Contract", "KYC Data Request Registration Contract", "KYC Data Request Contract", "KYC Rating Contract", "KYC Rating", etc. Contracts such as "Contracts", "KYC Execution Registration Contracts", "KYC Data Execution Contracts" and "Account Linkage Contracts" are all smart contracts. As mentioned in the text, "registration" refers to the function in the execution of smart contracts. To establish an address correspondence between different smart contracts, the following is a brief description of each of the aforementioned smart contracts:
一、KYC資料合約,用以記錄客戶的KYC資料,在實際實施上,KYC資料的每一資料項目會分別經過客戶端公鑰進行加密,並且還會透過雜湊演算法計算出相應的雜湊值,接著,再以權責端私鑰對計算出的雜湊值簽章後儲存,也就是說,KYC資料合約並非儲存KYC資料的明碼,而是儲存加密過的資料項目,以及經過雜湊與簽章後的值,實際上,KYC資料合約還包含客戶的帳號地址,如:公鑰。在實際實施上,所述KYC資料合約包含函式,如:「setData()」,並且用以帶入「KYC資料的資料項目之代碼」、「每一資料項目的第一加密內容」、「每一資料項目的雜湊值」及「每一資料項目的雜湊簽章值」等參數。1. The KYC data contract is used to record the customer's KYC data. In actual implementation, each data item of the KYC data is encrypted by the client's public key, and the corresponding hash value is calculated by the hash algorithm. Then, the hash value of the calculated hash value is stored after the signature of the right key, that is, the KYC data contract does not store the clear code of the KYC data, but stores the encrypted data item, and after the hash and signature. The value, in fact, the KYC data contract also contains the customer's account address, such as: public key. In actual implementation, the KYC data contract includes a function such as "setData()", and is used to bring in the "code of the data item of the KYC data", "the first encrypted content of each data item", " Parameters such as the hash value of each data item and the hash signature value of each data item.
二、KYC資料註冊合約,用以供KYC資料合約註冊,並且提供相關事件(即:資料註冊事件、資料更新事件)。在實際實施上,可在註冊KYC資料合約的同時,透過函式產生KYC評等合約,並且註冊到KYC評等註冊合約中,以便授權的金融端可對相應的客戶進行評等及風險標記。所述KYC資料註冊合約包含函式,如:「registerKYCData()」、「updateKYCData()」,這兩個函式皆帶入KYC資料合約的地址和帳號地址,並且執行這兩個函式會觸發相應事件,如:「KYCDataDidRegister」、「KYCDataDidUpdate」,前者在有KYC資料合約註冊時被觸發,後者在KYC資料合約更新時被觸發。2. The KYC data registration contract is used for the registration of KYC data contracts and provides related events (ie: data registration events, data update events). In actual implementation, the KYC rating contract can be generated through the function at the same time as the KYC data contract is registered, and registered in the KYC rating registration contract, so that the authorized financial terminal can evaluate and mark the corresponding customers. The KYC data registration contract contains functions such as "registerKYCData()" and "updateKYCData()". Both functions are brought into the address and account address of the KYC data contract, and execution of these two functions will trigger Corresponding events, such as "KYCDataDidRegister" and "KYCDataDidUpdate", are triggered when a KYC data contract is registered, and the latter is triggered when the KYC data contract is updated.
三、KYC資料請求合約,用以供金融端對客戶端發起請求,以便向客戶取得審閱KYC資料的授權權限,也就是說,客戶端同樣會透過此KYC資料請求合約回覆授權權限。在實際實施上,所述KYC資料請求合約包含函式,如:「addRequest()」、「addSignature()」、「isApproved()」、「approveRequest()」、「rejectRequest()」、「revokeRequest()」,分別用以在「金融端增加需要審閱的資料項目」、「金融端設定簽章供客戶驗證金融端來源」、「檢查金融端是否有審閱指定資料項目的授權權限」、「客戶端授權審閱指定資料項目的請求」、「客戶端拒絕審閱指定資料項目的請求」及「客戶端取消已授權審閱指定資料項目的授權權限」等情況下執行。3. The KYC data request contract is used for the financial terminal to initiate a request to the client to obtain the authorization authority for reviewing the KYC data to the client, that is, the client also requests the contract to reply to the authorization authority through the KYC data. In actual implementation, the KYC data request contract includes functions such as: "addRequest()", "addSignature()", "isApproved()", "approveRequest()", "rejectRequest()", "revokeRequest( ), respectively, for adding "data items that need to be reviewed at the financial end", "financial signing for customers to verify the source of the financial side", "checking whether the financial side has the authority to review the specified data items", "client" Execute if you are authorized to review the request for a specified data item, "The client refuses to review the request for a specified data item", and "The client cancels the authorized authority to review the specified data item."
四、KYC資料請求註冊合約,用以註冊、記錄金融端對審閱客戶的KYC資料的請求,並且提供相應事件讓客戶得知有審閱請求,也讓金融端得知有授權狀態回覆或更新。在實際實施上,KYC資料請求註冊合約包含函式如:「requestKYCData()」及「responseKYCDataRequest()」,分別用以提供金融端註冊KYC資料請求合約,以及客戶回覆或更新KYC資料請求合約的授權狀態後,通知合約已回應完畢。另外,執行這兩個函式會觸發相應的事件,如:「KYCDataDidRequest」及「KYCDataRequestDidResponse」,前者會在有新的KYC資料請求合約註冊時被觸發,通知客戶端存在此請求,後者會在KYC資料請求合約的授權狀態改變時被觸發,通知金融端授權狀態改變。4. The KYC data request registration contract is used to register and record the financial side's request for reviewing the customer's KYC data, and provide corresponding events to let the customer know that there is a review request, and also let the financial terminal know that there is an authorization status reply or update. In actual implementation, the KYC data request registration contract contains functions such as "requestKYCData()" and "responseKYCDataRequest()", which are used to provide the financial terminal to register the KYC data request contract, and the customer to reply or update the KYC data request contract authorization. After the status, the notification contract has been responded. In addition, the execution of these two functions will trigger the corresponding events, such as: "KYCDataDidRequest" and "KYCDataRequestDidResponse", the former will be triggered when there is a new KYC data request contract registration, notify the client that there is this request, the latter will be in KYC When the authorization status of the data request contract is changed, it is triggered to notify the financial end of the authorization status change.
五、KYC資料執行合約,用以記錄金融端執行KYC處理,其包含函式如:「executeKyc()」,用以在金融端審閱KYC資料的指定資料項目後簽章,每一資料項目皆須獨立簽章。5. The KYC data execution contract is used to record the KYC processing performed by the financial side. The inclusion function is “executeKyc()”, which is used to sign the designated data items of the KYC data after the financial side, and each data item must be signed. Independent signature.
六、KYC執行註冊合約,用以記錄KYC資料執行合約的執行結果,其包含函式如:「registerKYCExecution()」。6. KYC executes the registration contract to record the execution result of the KYC data execution contract, which includes the function "registerKYCExecution()".
七、KYC評等合約,用以供金融端記錄客戶評等、風險標記,其包含函式如:「addNotes()」、「addFlag()」及「addRating()」,分別用以「新增金融端對客戶的筆記」、「新增金融端對客戶的風險標記」及「新增金融端對客戶的評等」。7. The KYC rating contract is used for the financial side to record customer ratings and risk marks. The inclusion functions such as "addNotes()", "addFlag()" and "addRating()" are used to "add new Financial end-to-customer notes, "adding new financial end-to-customer risk marks" and "adding financial end to customer ratings."
八、KYC評等註冊合約,用以提供註冊KYC評等合約,其包含函式如:「register()」,其透過帶入KYC評等合約的地址來完成KYC評等合約的註冊。8. The KYC rating registration contract is used to provide a registered KYC rating contract, which includes a function such as "register()", which completes the registration of the KYC rating contract by entering the address of the KYC rating contract.
九、帳號連結合約,用以供客戶綁定多重帳號地址,以便達成隱私性,並且利用簽章加密儲存的帳號地址,其可包含函式,如:「addAssociation()」、「removeAssociation()」及「getAssociation()」,用以分別進行「新增綁定的簽章」、「移除綁定的簽章」及「查詢某個簽章綁定的帳號地址」等處理。Nine, account link, for customers to bind multiple account addresses in order to achieve privacy, and use the signature to encrypt the stored account address, which can contain functions such as: "addAssociation ()", "removeAssociation ()" And "getAssociation()", which are used to perform the process of "adding a new signature", "removing a signed signature", and "inquiring an account number bound to a signature".
以下配合圖式對本發明具隱密性的KYC資料共享系統及其方法做進一步說明,請先參閱「第1圖」,「第1圖」為本發明具隱密性的KYC資料共享系統之系統方塊圖,應用在執行智能合約的區塊鏈網路10,此系統包含:權責端100、客戶端110及金融端120。其中,權責端100的部分,其可為政府權責單位或政府合法授權單位,其目的是為了提供驗證自然人或組織的KYC資料服務(例如:驗證資料是否正確屬實),實際上,權責端100作為區塊鏈節點與區塊鏈網路10相連,所述權責端100包含:初始模組101、驗證模組102及註冊模組103。其中,初始模組101用以於初始時,透過區塊鏈交易發布KYC資料註冊合約以提供註冊及更新KYC資料合約,以及透過區塊鏈交易發布KYC資料請求註冊合約以提供註冊及記錄KYC資料請求合約,其中,所述KYC資料註冊合約包含資料註冊事件及資料更新事件,所述KYC資料請求註冊合約包含請求註冊事件及授權回應事件。當執行KYC資料註冊合約的註冊函式來註冊KYC資料合約時,此註冊函式會觸發資料註冊事件,也就是說,當有新的KYC資料合約註冊時,資料註冊事件會被觸發;當執行KYC資料註冊合約的更新函式更新KYC資料合約時,此更新函式會觸發資料更新事件,也就是說,當既有的KYC資料合約更新時,資料更新事件會被觸發。The following is a description of the KYC data sharing system and its method for stealth of the present invention. Please refer to "1" and "1" for the system of the KYC data sharing system with hidden privacy. The block diagram is applied to the blockchain network 10 that executes the smart contract. The system includes: the rights holder 100, the client 110, and the financial terminal 120. Among them, the part of the authority side 100, which may be a government authority or a legally authorized unit of the government, is intended to provide a KYC data service for verifying a natural person or organization (for example, verifying that the information is correct), in fact, the responsibility The terminal 100 is connected to the blockchain network 10 as a blockchain node. The rights end 100 includes an initial module 101, a verification module 102, and a registration module 103. The initial module 101 is used to initially issue a KYC data registration contract through a blockchain transaction to provide registration and update of a KYC data contract, and to issue a KYC data through a blockchain transaction to request a registration contract to provide registration and record KYC data. The request contract, wherein the KYC data registration contract includes a data registration event and a data update event, and the KYC data request registration contract includes a request registration event and an authorization response event. When a KYC data registration contract is registered to register a KYC data contract, this registration function triggers a data registration event, that is, when a new KYC data contract is registered, the data registration event is triggered; When the KYC data registration contract update function updates the KYC data contract, this update function will trigger the data update event, that is, when the existing KYC data contract is updated, the data update event will be triggered.
在實際實施上,所述KYC資料合約儲存的資料包含「客戶的帳號地址」、「每一資料項目的加密內容(即:第一加密內容)」及「經過雜湊及簽章處理的雜湊簽章值」,前述客戶的帳號地址可以公鑰的形式呈現;加密內容是透過客戶端公鑰加密生成;簽章則是透過權責端私鑰來實現。另外,初始模組101還可透過區塊鏈交易發布KYC執行註冊合約用以記錄KYC資料執行合約的執行結果,所述KYC資料執行合約記錄金融端120審閱過的每一資料項目及其簽章。如此一來,往後藉由驗證簽章即可得知審閱過KYC資料的是哪一個金融端120。除此之外,權責端100於初始時,亦可透過區塊鏈交易發布帳號連結合約,用以儲存每一客戶端110對應的所有帳號地址,使其所有帳號地址對應同一KYC資料,以及允許新增或刪除所述帳號地址,那麼,當金融端120驗證帳號地址並確認是由客戶端110產生之後,即可允許在不同的帳號地址接收同一KYC資料。換句話說,客戶端110可以使用不同的帳號地址讓金融端120執行KYC處理,甚至避免藉由帳號地址得知客戶端110的身分。In actual implementation, the information stored in the KYC data contract includes "customer's account address", "encrypted content of each data item (ie: first encrypted content)" and "multiple signatures processed by hash and signature" The value of the client's account address can be presented in the form of a public key; the encrypted content is generated by the client's public key encryption; the signature is implemented by the rights and responsibilities of the private key. In addition, the initial module 101 can also issue a KYC execution registration contract for recording the execution result of the KYC data execution contract through the blockchain transaction, and the KYC data execution contract records each data item and its signature reviewed by the financial terminal 120. . In this way, by verifying the signature, it is known which financial terminal 120 has reviewed the KYC data. In addition, the rights terminal 100 may also issue an account connection contract through the blockchain transaction to store all account addresses corresponding to each client 110, so that all account addresses correspond to the same KYC data, and If the account address is allowed to be added or deleted, then after the financial terminal 120 verifies the account address and confirms that it is generated by the client 110, the same KYC data can be allowed to be received at different account addresses. In other words, the client 110 can use the different account addresses to cause the financial terminal 120 to perform KYC processing, and even avoid the identity of the client 110 by the account address.
驗證模組102用以接收KYC資料以進行驗證,此KYC資料包含多個資料項目,例如:姓名、身分證字號、性別等等,以及根據客戶端公鑰分別對通過驗證的KYC資料中的每一資料項目進行加密生成相應的第一加密內容,再根據權責端私鑰對每一資料項目的雜湊值進行簽章生成相應的雜湊簽章值。在實際實施上,每一個資料項目皆具有對應的代碼,如:身分證字號的代碼為「ID」、財產證明代碼為「WEALTH_PROOF」等等。另外,文中所提及的公鑰(如:客戶端公鑰)及私鑰(如:權責端私鑰)皆可透過第三方公信憑證單位(例如:台灣網路認證中心)發行的憑證提供。The verification module 102 is configured to receive KYC data for verification. The KYC data includes a plurality of data items, such as: name, identity card number, gender, etc., and each of the verified KYC materials according to the client public key. A data item is encrypted to generate a corresponding first encrypted content, and then the hash value of each data item is signed according to the private key of the right to generate a corresponding hash signature value. In actual implementation, each data item has a corresponding code, such as: the code of the identity card number is "ID", the property certificate code is "WEALTH_PROOF" and so on. In addition, the public key mentioned in the text (such as the client public key) and the private key (such as the rights-of-rights private key) can be provided through the certificate issued by the third-party public certificate unit (for example, the Taiwan Network Certification Center). .
註冊模組103用以透過區塊鏈交易發布包含帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值的KYC資料合約,並且獲得對應的KYC資料合約地址,以及將此KYC資料合約地址註冊在KYC資料註冊合約中,用以觸發資料註冊事件產生註冊完成通知。在實際實施上,在註冊新的KYC資料合約的同時,還可透過區塊鏈交易發布對應客戶端110的KYC評等合約,並且將KYC評等合約的KYC評等合約地址註冊到初始模組101預先發布的KYC評等註冊合約,用以允許獲得授權權限的金融端120對相應的客戶端110的KYC資料進行評等及風險標記。舉例來說,其評等可為信用評分;風險標記則可註記是否為警示帳戶。The registration module 103 is configured to issue a KYC data contract including an account address, a first encrypted content of each data item, and a hash signature value of each data item through the blockchain transaction, and obtain a corresponding KYC data contract address, and The KYC data contract address is registered in the KYC data registration contract to trigger the registration of the data registration event to generate a registration completion notice. In actual implementation, while registering a new KYC data contract, the KYC rating contract corresponding to the client 110 can be released through the blockchain transaction, and the KYC rating contract address of the KYC rating contract is registered to the initial module. The pre-release KYC rating registration contract is used to allow the financial terminal 120 that obtains the authorization authority to rate and risk the KYC data of the corresponding client 110. For example, the rating can be a credit score; the risk marker can be noted as a warning account.
在實際實施上,權責端100更可包含更新模組104用以在KYC資料更新後,根據KYC資料註冊合約獲得對應KYC資料的KYC資料合約,並且觸發資料更新事件產生更新完成通知。也就是說,當區塊鏈中既有的KYC資料被更新時,KYC資料註冊合約的資料更新事件會被觸發以通知區塊鏈網路10中的區塊鏈節點。In actual implementation, the rights-side 100 may further include an update module 104 for obtaining a KYC data contract corresponding to the KYC data according to the KYC data registration contract after the KYC data is updated, and triggering the data update event to generate an update completion notification. That is, when the existing KYC data in the blockchain is updated, the data update event of the KYC data registration contract is triggered to notify the blockchain node in the blockchain network 10.
在客戶端110的部分,所述客戶端110本身可為區塊鏈節點或透過第三方(例如:權責端100、金融端120或任何有權限連上區塊鏈節點的服務提供者)提供區塊鏈節點服務,換句話說,客戶端110可直接或間接使用區塊鏈節點與區塊鏈網路10相連,進而偵測智能合約事件,其中,「直接」是指客戶端110本身即為區塊鏈網路10內的區塊鏈節點,其使用區塊鏈客戶端程式連接區塊鏈網路10;至於「間接」則是指使用第三方整合服務,如金融機構提供基於區塊鏈節點的錢包服務。假設客戶端110本身為區塊鏈節點,將直接監控「KYC資料請求註冊合約」的「請求註冊事件」,當所述請求註冊事件被觸發時,檢驗KYC資料請求合約是否針對客戶端110發起,若是,則通知客戶處理;假設客戶端110是透過第三方提供的區塊鏈節點服務,那麼,需要提供監控地址,以便監控KYC資料請求註冊合約的請求註冊事件,當註冊的KYC資料請求合約是針對服務的客戶,則通知客戶處理此KYC資料請求合約,其通知方式可透過行動應用程式、電子郵件、電話等等來達成。In a portion of the client 110, the client 110 itself may be provided by a blockchain node or by a third party (eg, the rights holder 100, the financial terminal 120, or any service provider that has permission to connect to the blockchain node) The blockchain node service, in other words, the client 110 can directly or indirectly connect to the blockchain network 10 using the blockchain node to detect smart contract events, wherein "direct" means that the client 110 itself It is a blockchain node in the blockchain network 10, which uses a blockchain client program to connect to the blockchain network 10; as for "indirect", it refers to the use of third-party integration services, such as financial institutions providing block-based blocks. Wallet service for chain nodes. Assuming that the client 110 itself is a blockchain node, the "Request Registration Event" of the "KYC Data Request Registration Contract" will be directly monitored. When the request registration event is triggered, it is checked whether the KYC data request contract is initiated for the client 110. If yes, notify the client to process; assuming that the client 110 is a blockchain node service provided by a third party, then a monitoring address is required to monitor the request registration event of the KYC data request registration contract, when the registered KYC data request contract is For the customer of the service, the customer is notified to process the KYC data request contract, and the notification method can be achieved through the mobile application, email, telephone, and the like.
承上所述,每一客戶端110皆包含:生成模組111、偵測模組112及加解密模組113。其中,生成模組111用以生成KYC資料,舉例來說,提供圖形使用者界面(Graphical User Interface, GUI)供客戶輸入並作為KYC資料,並且將KYC資料傳送至權責端100,以供權責端100進行加密、簽章及發布相應的KYC資料合約至區塊鏈網路10。As described above, each client 110 includes a generation module 111, a detection module 112, and an encryption and decryption module 113. The generating module 111 is configured to generate KYC data, for example, providing a Graphical User Interface (GUI) for the customer to input and use as KYC data, and transmitting the KYC data to the rights holder 100 for authorization. The responsible party 100 encrypts, signs, and issues the corresponding KYC data contract to the blockchain network 10.
偵測模組112用以持續偵測資料請求通知,當偵測到資料請求通知且其包含的帳號地址與所述客戶端其中之一相符後,由相符的客戶端110自區塊鏈網路10中讀取對應客戶端110的KYC資料合約以獲得其中的帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值,並且允許設定每一資料項目的授權權限。在實際實施上,所述設定授權權限是指針對每一個資料項目設定相應的授權權限,如:允許、拒絕、取消等等。The detecting module 112 is configured to continuously detect the data request notification. When the data request notification is detected and the account address included therein matches one of the clients, the matching client 110 is self-blockchain network. The KYC data contract corresponding to the client 110 is read in 10 to obtain the account address therein, the first encrypted content of each data item, and the hash signature value of each data item, and allows the authorization authority of each data item to be set. In actual implementation, the setting authorization authority is to set a corresponding authorization authority for each data item, such as: permission, rejection, cancellation, and the like.
加解密模組113用以根據授權權限及客戶端私鑰對獲得的每一資料項目的第一加密內容進行解密,以及產生一組密鑰對解密後的每一資料項目進行加密生成相應的第二加密內容,再以金融端公鑰對此組密鑰進行加密生成一組加密密鑰,並且傳送每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰以觸發授權回應事件產生授權回應通知。在實際實施上,產生一組密鑰的方式可利用對稱式加密(Symmetric Encryption)演算法生成,並且同時用於加密及解密,相較於使用非對稱式加密(Asymmetric Encryption)演算法生成密鑰,前者能夠提升每一資料項目的加解密處理效率。實際上,所述第一加密內容與第二加密內容的差異僅在於前者是透過客戶端公鑰加密,而後者是透過密鑰加密。特別要說明的是,額外產生一組密鑰對資料項目加密而非直接使用客戶端私鑰對資料項目加密的目的,是為了將資料項目提供給指定的金融端120,避免同樣擁有客戶端公鑰的其它區塊鏈節點也能夠對資料項目進行解密。The encryption and decryption module 113 is configured to decrypt the first encrypted content of each data item obtained according to the authorization authority and the client private key, and generate a set of keys to encrypt each data item after decryption to generate a corresponding first Encrypting the content, encrypting the group key with the financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and the group encryption key The key generates an authorization response notification by triggering an authorization response event. In practice, a method of generating a set of keys can be generated by using a Symmetric Encryption algorithm and used for encryption and decryption simultaneously, and a key is generated by using an Asymmetric Encryption algorithm. The former can improve the efficiency of encryption and decryption processing of each data item. In fact, the difference between the first encrypted content and the second encrypted content is only that the former is encrypted by the client public key, and the latter is encrypted by the key. In particular, the purpose of additionally generating a set of keys to encrypt the data items rather than directly encrypting the data items using the client private key is to provide the data items to the designated financial terminal 120 to avoid having the same client. Other blockchain nodes of the key can also decrypt the data item.
接著,在金融端120的部分,所述金融端120必須與權責端100相連,也必須作為區塊鏈節點與區塊鏈網路10相連,每一金融端120皆包含:請求模組121、接收模組122及審閱模組123。其中,請求模組121用以在請求所述客戶端110的KYC資料時,透過區塊鏈交易發布對應客戶端110的KYC資料請求合約,並且將所述KYC資料請求合約註冊在KYC資料請求註冊合約中,用以觸發請求註冊事件產生資料請求通知。如此一來,客戶端110藉由偵測請求註冊事件是否被觸發即可得知金融端120是否有向其請求KYC資料。在實際實施上,資料請求通知可包含:「客戶端110的帳號地址」、「資料項目的代碼」及「金融端120的簽章」等資料。Then, in the part of the financial terminal 120, the financial terminal 120 must be connected to the right-of-charge terminal 100, and must also be connected to the blockchain network 10 as a blockchain node. Each financial terminal 120 includes: a request module 121. The receiving module 122 and the review module 123. The request module 121 is configured to issue a KYC data request contract corresponding to the client 110 through the blockchain transaction when requesting the KYC data of the client 110, and register the KYC data request contract in the KYC data request registration. In the contract, the data request notification is triggered to trigger the request registration event. In this way, the client 110 can know whether the financial terminal 120 has requested KYC data from it by detecting whether the request registration event is triggered. In actual implementation, the data request notification may include: "account address of the client 110", "code of the data item", and "signature of the financial terminal 120".
接收模組122用以持續偵測KYC資料請求註冊合約的授權回應事件,當授權回應事件被觸發產生授權回應通知後,接收每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰,並且以金融端私鑰解密此組加密密鑰以獲得一組密鑰,再以此組密鑰解密每一資料項目的第二加密內容。由於加密密鑰僅能夠被金融端私鑰解密,所以只有擁有金融端私鑰的區塊鏈節點(即:指定的金融端120)能夠經由解密獲得此組密鑰,進而再利用此組密鑰對第二加密內容進行解密以獲得未加密的資料項目,故可確保資料項目的隱密性。The receiving module 122 is configured to continuously detect an authorization response event of the KYC data request registration contract, and receive the second encrypted content of each data item and the hash signature of each data item when the authorization response event is triggered to generate an authorization response notification. The value and the set of encryption keys, and decrypting the set of encryption keys with the financial side private key to obtain a set of keys, and then decrypting the second encrypted content of each data item with the set of keys. Since the encryption key can only be decrypted by the financial side private key, only the blockchain node (ie, the designated financial terminal 120) having the financial side private key can obtain the group key by decrypting, and then reuse the group key. The second encrypted content is decrypted to obtain an unencrypted data item, thereby ensuring the confidentiality of the data item.
審閱模組123用以根據權責端公鑰及每一資料項目的雜湊簽章值,對已解密的每一資料項目執行雜湊值及簽章的驗證,並且在通過驗證且確認雜湊簽章值由權責端100生成時,對已解密的每一資料項目進行審閱。在實際實施上,由於「雜湊簽章值」的生成方式是利用「權責端私鑰」對「雜湊值」進行簽章,所以金融端120在驗證「雜湊簽章值」時,可以利用根據資料項目所計算出的「雜湊值」搭配「雜湊簽章值」推算出「權責端公鑰」,接著再將推算出的「權責端公鑰」與已知的「權責端公鑰」進行比對,倘若比對結果相同即代表資料未被竄改,並且確認「雜湊簽章值」由權責端100生成,故雜湊值及其簽章通過驗證,反之,倘若「權責端公鑰」不同則代表資料已被竄改或是雜湊簽章值並非由權責端100生成,故雜湊值及其簽章的驗證不通過。The review module 123 is configured to perform the verification of the hash value and the signature of each data item that has been decrypted according to the public key of the right side and the hash signature value of each data item, and verify and confirm the hash signature value. When generated by the authority 100, each data item that has been decrypted is reviewed. In actual implementation, since the "hybrid signature value" is generated by using the "right duty private key" to sign the "heavy value", the financial terminal 120 can use the basis when verifying the "hybrid signature value". The "heavy value" calculated by the data item is combined with the "mixed signature value" to calculate the "rights and public key", and then the calculated "rights and public key" and the known "right public key" For comparison, if the comparison result is the same, the data has not been tampered with, and it is confirmed that the "hybrid signature value" is generated by the right-hand side 100, so the hash value and its signature are verified, otherwise, if the "rights and responsibilities" If the key is different, it means that the data has been tampered with or the hash signature value is not generated by the authority 100, so the hash value and the verification of the signature are not passed.
接著,請參閱「第2A圖」至「第2C圖」,「第2A圖」至「第2C圖」為本發明具隱密性的KYC資料共享方法之方法流程圖,應用在執行智能合約的區塊鏈網路10,其步驟包括:權責端100於初始時,透過區塊鏈交易發布KYC資料註冊合約以提供註冊及更新KYC資料合約,以及透過區塊鏈交易發布KYC資料請求註冊合約以提供註冊及記錄KYC資料請求合約,其中,KYC資料註冊合約包含資料註冊事件及資料更新事件,KYC資料請求註冊合約包含請求註冊事件及授權回應事件(步驟210);客戶端110生成對應的KYC資料,並且將KYC資料傳送至權責端100,KYC資料包含多個資料項目(步驟220);權責端100驗證接收到的KYC資料,並且根據客戶端公鑰分別對通過驗證的KYC資料中的每一資料項目進行加密生成相應的第一加密內容,再根據權責端私鑰對每一資料項目的雜湊值進行簽章生成相應的雜湊簽章值(步驟230);權責端100透過區塊鏈交易發布包含帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值的KYC資料合約,並且獲得對應的KYC資料合約地址,以及將此KYC資料合約地址註冊在KYC資料註冊合約中,用以觸發資料註冊事件產生註冊完成通知(步驟240);金融端120在請求客戶端110的KYC資料時,透過區塊鏈交易發布對應客戶端110的KYC資料請求合約,並且將KYC資料請求合約註冊在KYC資料請求註冊合約中,用以觸發請求註冊事件產生資料請求通知(步驟250);客戶端110偵測到資料請求通知且其包含的帳號地址與所述客戶端110其中之一相符後,由相符的客戶端110自區塊鏈網路10中讀取對應客戶端110的KYC資料合約以獲得其中的帳號地址、每一資料項目的第一加密內容及每一資料項目的雜湊簽章值,並且允許設定每一資料項目的授權權限(步驟260);客戶端110根據此授權權限及客戶端私鑰對獲得的每一資料項目的第一加密內容進行解密,以及產生一組密鑰對解密後的每一資料項目進行加密生成相應的第二加密內容,再以金融端公鑰對此組密鑰進行加密生成一組加密密鑰,並且傳送每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰以觸發授權回應事件產生授權回應通知(步驟270);金融端120持續偵測KYC資料請求註冊合約的授權回應事件,當授權回應事件被觸發產生授權回應通知後,接收每一資料項目的第二加密內容、每一資料項目的雜湊簽章值及此組加密密鑰,並且以金融端私鑰解密此組加密密鑰以獲得一組密鑰,再以此組密鑰解密每一資料項目的第二加密內容(步驟280);金融端120根據權責端公鑰及每一資料項目的雜湊簽章值,對已解密的每一資料項目執行雜湊值及簽章的驗證,並且在通過驗證且確認雜湊簽章值由權責端100生成時,對已解密的每一資料項目進行審閱(步驟290)。透過上述步驟,即可透過客戶端110提供KYC資料至權責端100以進行加密、簽章及發布至區塊鏈網路10,並且在區塊鏈網路10上執行智能合約,使客戶端110、權責端100及金融端120能夠執行智能合約的函式及偵測智能合約的事件,以便在金融端請求查詢KYC資料時,客戶端110能夠針對不同資料項目設定授權權限,接著由金融端120直接透過客戶端110接收授權的資料項目,再驗證資料項目是否經權責端100認證以確定是否進行審閱。Next, please refer to "2A" to "2C", "2A" to "2C" are flowcharts of the method for stealing KYC data sharing method of the present invention, which are applied to execute smart contracts. The blockchain network 10, the steps include: the rights terminal 100 initially issues a KYC data registration contract through the blockchain transaction to provide registration and update of the KYC data contract, and issues a KYC data request for registration through the blockchain transaction. To provide a registration and record KYC data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event (step 210); the client 110 generates a corresponding KYC Data, and the KYC data is transmitted to the rights holder 100, the KYC data includes a plurality of data items (step 220); the rights side 100 verifies the received KYC data, and separately passes the verified KYC data according to the client public key. Each data item is encrypted to generate a corresponding first encrypted content, and then the hash value of each data item is signed according to the private key of the right and responsible side to generate a corresponding The hash sign value (step 230); the rights end 100 issues a KYC data contract including the account address, the first encrypted content of each data item, and the hash signature value of each data item through the blockchain transaction, and obtains Corresponding KYC data contract address, and registering the KYC data contract address in the KYC data registration contract for triggering the data registration event to generate a registration completion notification (step 240); when the financial terminal 120 requests the KYC data of the client 110, The KYC data request contract corresponding to the client 110 is issued through the blockchain transaction, and the KYC data request contract is registered in the KYC data request registration contract to trigger the request registration event to generate the data request notification (step 250); the client 110 detects After the data request notification is detected and the account address included therein matches one of the clients 110, the matching client 110 reads the KYC data contract of the corresponding client 110 from the blockchain network 10 to obtain the data. Account address, the first encrypted content of each data item, and the hash signature value of each data item, and allows each data item to be set. Authorization authority (step 260); the client 110 decrypts the first encrypted content of each data item obtained according to the authorization authority and the client private key, and generates a set of keys to encrypt each decrypted data item. Generating a corresponding second encrypted content, and then encrypting the group key with the financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and The group encryption key generates an authorization response notification by triggering the authorization response event (step 270); the financial terminal 120 continuously detects the authorization response event of the KYC data request registration contract, and receives each of the authorization response events after the authorization response event is triggered to generate an authorization response notification. a second encrypted content of the data item, a hash signature value of each data item, and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain a set of keys, and then decrypting the set of keys The second encrypted content of each data item (step 280); the financial end 120 pairs each of the decrypted ones according to the public key of the right side and the hash signature value of each data item The data item performs the verification of the hash value and the signature, and upon verification and confirmation that the hash signature value is generated by the rights holder 100, each of the decrypted data items is reviewed (step 290). Through the above steps, the KYC data can be provided to the rights holder 100 through the client 110 for encryption, signature and distribution to the blockchain network 10, and the smart contract is executed on the blockchain network 10 to enable the client. 110. The rights side 100 and the financial side 120 can execute the function of the smart contract and detect the event of the smart contract, so that when the financial side requests to query the KYC data, the client 110 can set the authorization authority for different data items, and then by the financial The terminal 120 receives the authorized data item directly through the client 110, and then verifies whether the data item is authenticated by the authority 100 to determine whether to review.
特別要說明的是,在步驟240之後,還可在KYC資料更新完成後,根據KYC資料註冊合約獲得對應KYC資料的KYC資料合約,並且觸發資料更新事件產生更新完成通知(步驟241),以使區塊鏈網路10的所有節點都能夠藉由偵測到更新完成通知而得知KYC資料已經更新。接著,在步驟290之後,倘若權責端100於初始時,透過區塊鏈交易發布KYC執行註冊合約,用以記錄KYC資料執行合約的執行結果,所述KYC資料執行合約記錄金融端120審閱過的每一資料項目及其簽章(步驟291)。另外,權責端100還可於初始時,透過區塊鏈交易發布帳號連結合約,用以儲存每一客戶端110對應的所有帳號地址,使所有帳號地址對應同一KYC資料,以及允許新增或刪除所述帳號地址,並且在金融端120驗證所述帳號地址後,允許以不同的帳號地址接收同一KYC資料(步驟292)。如此一來,可供客戶綁定多個帳號地址,降低經由帳號地址識別客戶的機率,有助於提高隱私性。In particular, after step 240, after the KYC data update is completed, the KYC data contract corresponding to the KYC data is obtained according to the KYC data registration contract, and the data update event is triggered to generate an update completion notification (step 241), so that All nodes of the blockchain network 10 are able to know that the KYC data has been updated by detecting an update completion notification. Then, after the step 290, if the rights end 100 is initially, the KYC execution registration contract is issued through the blockchain transaction to record the execution result of the KYC data execution contract, and the KYC data execution contract record is reviewed by the financial terminal 120. Each data item and its signature (step 291). In addition, the authority 100 can also issue an account connection contract through the blockchain transaction at the initial time to store all the account addresses corresponding to each client 110, so that all account addresses correspond to the same KYC data, and allow new or The account address is deleted, and after the financial terminal 120 verifies the account address, the same KYC data is allowed to be received with a different account address (step 292). In this way, the customer can bind multiple account addresses, reduce the chance of identifying the customer through the account address, and help to improve privacy.
以下配合「第3圖」至「第5圖」以實施例的方式進行如下說明,請先參閱「第3圖」,「第3圖」為應用本發明上傳KYC資料之示意圖。假設客戶端110要上傳KYC資料,位於客戶端110的客戶可以開啟編輯視窗300,並且在資料輸入區塊310中鍵入客戶自己的KYC資料,例如:姓名、身分證字號等等,並且點選儲存元件312以儲存KYC資料,倘若欲修改已儲存的KYC資料亦可點選編輯元件311進行編輯。接下來,可透過點選傳送元件313將已儲存的KYC資料傳送至權責端100,以便權責端100根據此KYC資料透過區塊鏈交易發布相應的KYC資料合約。The following description will be made by way of example with reference to "3rd" to "5th". Please refer to "3rd" and "3rd" for a schematic diagram of uploading KYC data by applying the present invention. Assuming that the client 110 wants to upload KYC data, the client located at the client 110 can open the edit window 300, and type the customer's own KYC data in the data input block 310, such as: name, identity card number, etc., and click to save. The component 312 stores the KYC data. If the KYC data is to be modified, the editing component 311 can also be selected for editing. Next, the stored KYC data can be transmitted to the rights holder 100 through the click transmission component 313, so that the rights terminal 100 issues the corresponding KYC data contract through the blockchain transaction according to the KYC data.
如「第4圖」所示意,「第4圖」為應用本發明於權責端加密及簽章資料項目之示意圖。當權責端100接收到客戶端110傳送的KYC資料400,權責端100會使用客戶端公鑰對每一資料項目分別進行加密以生成相應的第一加密內容410,並且還會使用雜湊演算法,如:MD5、SHA-1、SHA-256等等,對每一資料項目進行雜湊計算以獲得相應的雜湊值420,再將這些雜湊值420以權責端私鑰進行簽章以生成雜湊簽章值430。接著,權責端100便可透過區塊鏈交易發布包含帳號地址(如:客戶端公鑰)、第一加密內容410及雜湊簽章值430的KYC資料合約。如此一來,經過一段時間使交易驗證完成後,區塊鏈網路10中的所有區塊鏈節點,其自身的區塊鏈都會有此KYC資料合約,並且獲得對應此合約的KYC資料合約地址。接下來,將KYC資料合約地址註冊在KYC資料註冊合約中,即可觸發資料註冊事件產生註冊完成通知。至此,完成KYC資料合約的發布與註冊。As shown in Figure 4, Figure 4 is a schematic diagram of the application of the present invention to the rights-side encryption and signature data items. When the rights holder 100 receives the KYC data 400 transmitted by the client 110, the rights holder 100 encrypts each data item separately using the client public key to generate a corresponding first encrypted content 410, and also uses a hash calculation. The method, such as MD5, SHA-1, SHA-256, etc., performs a hash calculation on each data item to obtain a corresponding hash value 420, and then hashes the hash value 420 with the right private key to generate a hash. Signature value 430. Next, the rights holder 100 can issue a KYC data contract including an account address (eg, a client public key), a first encrypted content 410, and a hashed signature value 430 through the blockchain transaction. In this way, after the transaction verification is completed for a period of time, all the blockchain nodes in the blockchain network 10 have their own KYC data contract and obtain the KYC data contract address corresponding to the contract. . Next, register the KYC data contract address in the KYC data registration contract, and trigger the data registration event to generate a registration completion notice. At this point, the release and registration of the KYC data contract is completed.
如「第5圖」所示意,「第5圖」為應用本發明於客戶端進行加解密之示意圖。當客戶端110偵測到金融端120觸發請求註冊事件時,假設客戶端110比對帳號地址後發現與自己的帳號地址相同,代表金融端120欲向自己請求KYC資料,所以此客戶端110會讀取相應的KYC資料合約以獲得其中的帳號地址、每一資料項目的第一加密內容410、每一資料項目的雜湊簽章值430。接著,允許客戶設定每一資料項目的授權權限,如:允許、拒絕、取消等等,舉例來說,假設客戶欲授權允許金融端120審閱其KYC資料中的姓名,便可透過圖形使用者界面設定為「允許」,反之若拒絕,則客戶可設定為「拒絕」,或是欲取消原本的授權權限,則客戶可設定為「取消」。As shown in "figure 5", "figure 5" is a schematic diagram of encryption and decryption performed on the client by applying the present invention. When the client 110 detects that the financial terminal 120 triggers the request registration event, it assumes that the client 110 compares with the account address and finds that it is the same as its own account address, and the financial terminal 120 wants to request KYC data from itself, so the client 110 will The corresponding KYC data contract is read to obtain an account number therein, a first encrypted content 410 for each data item, and a hash signature value 430 for each data item. Next, the customer is allowed to set authorization rights for each data item, such as: allow, deny, cancel, etc., for example, if the client wants to authorize the financial terminal 120 to review the name in the KYC data, the user interface can be accessed through the graphical user interface. Set to "Allow", if not, the customer can be set to "Reject", or if you want to cancel the original authorization, the customer can set it to "Cancel".
接下來,客戶端110即可根據授權權限及客戶端私鑰對第一加密內容410進行解密以獲得解密的內容500,然後利用對稱式加密演算法產生一組密鑰,以便透過此組密鑰對解密的內容500進行加密以生成第二加密內容510,至於雜湊簽章值430則維持不變。之後,使用發出請求的金融端120之金融端公鑰對此組密鑰進行加密以生成相應的加密密鑰,以確保只有發出請求的金融端120能夠利用其金融端私鑰進行解密來獲得此組密鑰,換句話說,藉由此方式能夠保證第二加密內容510只有發出請求的金融端120能夠利用此組密鑰進行解密。最後,客戶端110傳送第二加密內容510、雜湊簽章值430及加密密鑰以觸發授權回應事件產生授權回應通知。金融端120偵測到授權回應通知後,即得知其請求已經被客戶端110回應,於是在接收到第二加密內容510、雜湊簽章值430及加密密鑰之後,透過金融端私鑰對加密密鑰進行解密以獲得一組密鑰,再以此組密鑰對第二加密內容510進行解密以得到客戶的KYC資料。Next, the client 110 can decrypt the first encrypted content 410 according to the authorization authority and the client private key to obtain the decrypted content 500, and then generate a set of keys by using the symmetric encryption algorithm to transmit the set of keys. The decrypted content 500 is encrypted to generate a second encrypted content 510, while the hash signature value 430 remains unchanged. Thereafter, the group key is encrypted using the financial side public key of the requesting financial terminal 120 to generate a corresponding encryption key to ensure that only the requesting financial terminal 120 can decrypt using its financial end private key to obtain this. The group key, in other words, can ensure that the second encrypted content 510 can only be decrypted by the requesting financial terminal 120 using the set of keys. Finally, the client 110 transmits the second encrypted content 510, the hash signature value 430, and the encryption key to trigger an authorization response event to generate an authorization response notification. After detecting the authorization response notification, the financial terminal 120 knows that the request has been responded by the client 110, and then receives the second encrypted content 510, the hash signature value 430, and the encryption key, and then transmits the financial private key pair. The encryption key is decrypted to obtain a set of keys, and the second encrypted content 510 is decrypted with the set of keys to obtain the KYC data of the customer.
接著,為了確保KYC資料的正確性且未被竄改,金融端120會計算前述對第二加密內容510進行解密所得到的KYC資料的每一資料項目之雜湊值,並且利用此雜湊值與雜湊值簽章430以回推方式計算出權責端公鑰,如果計算出的權責端公鑰為已知的權責端公鑰,則代表:一、雜湊簽章值430由權責端100產生。二、雜湊簽章值430由KYC資料之雜湊值所簽章生成,亦即代表KYC資料未被竄改。也就是說,假設計算出的雜湊值搭配雜湊簽章值的確可使用回推方式計算出權責端公鑰,即代表此KYC資料是經過權責端100認證的,那麼,金融端120便會對已解密的每一資料項目進行審閱。Next, in order to ensure the correctness of the KYC data and has not been tampered with, the financial terminal 120 calculates the hash value of each data item of the KYC data obtained by decrypting the second encrypted content 510, and uses the hash value and the hash value. The signature 430 calculates the authority public key in a pushback manner. If the calculated authority public key is a known authority public key, it represents: 1. The hash signature value 430 is generated by the rights holder 100. . Second, the hash sign value 430 is generated by the hash value of the KYC data, which means that the KYC data has not been tampered with. That is to say, it is assumed that the calculated hash value and the hash signature value can be calculated by using the pushback method to calculate the public key of the right side, that is, the KYC data is authenticated by the authority 100, then the financial terminal 120 will Review each data item that has been decrypted.
綜上所述,可知本發明與先前技術之間的差異在於透過客戶端110提供KYC資料至權責端100以進行加密、簽章及發布至區塊鏈網路10,並且在區塊鏈網路10上執行智能合約,使客戶端110、權責端100及金融端120能夠執行智能合約的函式及偵測智能合約的事件,以便在金融端請求查詢KYC資料時,客戶端110能夠針對不同資料項目設定授權權限,接著由金融端120直接透過客戶端110接收授權的資料項目,再驗證資料項目是否經權責端100認證以確定是否進行審閱,藉由此一技術手段可以解決先前技術所存在的問題,進而達成提高KYC資料的隱密性、可用性及內容統一性之技術功效。In summary, it can be seen that the difference between the present invention and the prior art is that the KYC data is provided to the rights holder 100 through the client 110 for encryption, signature and distribution to the blockchain network 10, and in the blockchain network. The smart contract is executed on the road 10, so that the client 110, the rights holder 100 and the financial terminal 120 can execute the function of the smart contract and detect the event of the smart contract, so that when the financial side requests to query the KYC data, the client 110 can Different data items are set to authorize the rights, and then the financial terminal 120 directly receives the authorized data items through the client 110, and then verifies whether the data items are authenticated by the authority 100 to determine whether to review, and the prior art can be solved by using a technical means. The existing problems, in turn, achieve the technical effect of improving the confidentiality, usability and content uniformity of KYC data.
雖然本發明以前述之實施例揭露如上,然其並非用以限定本發明,任何熟習相像技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之專利保護範圍須視本說明書所附之申請專利範圍所界定者為準。While the present invention has been described above in the foregoing embodiments, it is not intended to limit the invention, and the invention may be modified and modified without departing from the spirit and scope of the invention. The scope of patent protection shall be subject to the definition of the scope of the patent application attached to this specification.
10‧‧‧區塊鏈網路10‧‧‧ Blockchain network
100‧‧‧權責端 100‧‧‧rights
101‧‧‧初始模組 101‧‧‧ initial module
102‧‧‧驗證模組 102‧‧‧ verification module
103‧‧‧註冊模組 103‧‧‧ Registration Module
104‧‧‧更新模組 104‧‧‧Update Module
110‧‧‧客戶端 110‧‧‧Client
111‧‧‧生成模組 111‧‧‧Generation module
112‧‧‧偵測模組 112‧‧‧Detection module
113‧‧‧加解密模組 113‧‧‧Addition and decryption module
120‧‧‧金融端 120‧‧‧Financial side
121‧‧‧請求模組 121‧‧‧Request module
122‧‧‧接收模組 122‧‧‧ receiving module
123‧‧‧審閱模組 123‧‧‧Review module
300‧‧‧編輯視窗 300‧‧‧Edit window
310‧‧‧資料輸入區塊 310‧‧‧Data input block
311‧‧‧編輯元件 311‧‧‧editing components
312‧‧‧儲存元件 312‧‧‧Storage components
313‧‧‧傳送元件 313‧‧‧Transmission components
400‧‧‧KYC資料 400‧‧‧KYC information
410‧‧‧第一加密內容 410‧‧‧First encrypted content
420‧‧‧雜湊值 420‧‧‧ hash value
430‧‧‧雜湊簽章值 430‧‧‧ hash sign value
500‧‧‧解密的內容 500‧‧‧Decrypted content
510‧‧‧第二加密內容 510‧‧‧Second encrypted content
步驟210‧‧‧權責端於初始時,透過區塊鏈交易發布一KYC(Know Your Customer)資料註冊合約以提供註冊及更新至少一KYC資料合約,以及透過區塊鏈交易發布一KYC資料請求註冊合約以提供註冊及記錄至少一KYC資料請求合約,其中,該KYC資料註冊合約包含一資料註冊事件及一資料更新事件,該KYC資料請求註冊合約包含一請求註冊事件及一授權回應事件 Step 210‧‧ ‧ At the beginning of the contract, the rights issuer issues a KYC (Know Your Customer) data registration contract through the blockchain transaction to provide registration and update of at least one KYC data contract, and issue a KYC data request through the blockchain transaction. The registration contract provides for registration and recording of at least one KYC data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event
步驟220‧‧‧客戶端生成對應的該KYC資料,並且將該KYC資料傳送至該權責端,該KYC資料包含多個資料項目 Step 220‧‧‧ The client generates the corresponding KYC data, and transmits the KYC data to the rights side, the KYC data includes multiple data items
步驟230‧‧‧該權責端驗證接收到的該KYC資料,並且根據一客戶端公鑰分別對通過驗證的該KYC資料中的每一資料項目進行加密生成相應的一第一加密內容,再根據一權責端私鑰對每一資料項目的雜湊值進行簽章生成相應的一雜湊簽章值 Step 230‧‧ The right end verifies the received KYC data, and encrypts each data item in the verified KYC data according to a client public key to generate a corresponding first encrypted content, and then Signing the hash value of each data item according to a weighted private key to generate a corresponding hash signature value
步驟240‧‧‧該權責端透過區塊鏈交易發布包含一帳號地址、每一資料項目的該第一加密內容及每一資料項目的該雜湊簽章值的該KYC資料合約,並且獲得對應的一KYC資料合約地址,以及將該KYC資料合約地址註冊在該KYC資料註冊合約中,用以觸發該資料註冊事件產生一註冊完成通知 Step 240‧‧ The right end of the KYC data contract containing the account address, the first encrypted content of each data item, and the hash signature value of each data item is transmitted through the blockchain transaction, and the corresponding contract is obtained. a KYC data contract address, and the KYC data contract address is registered in the KYC data registration contract to trigger the registration of the data to generate a registration completion notice
步驟241‧‧‧在該KYC資料更新完成後,根據該KYC資料註冊合約獲得對應該KYC資料的該KYC資料合約,並且觸發該資料更新事件產生一更新完成通知 Step 241‧‧‧ After the KYC data is updated, the KYC data contract corresponding to the KYC data is obtained according to the KYC data registration contract, and the data update event is triggered to generate an update completion notification.
步驟250‧‧‧金融端在請求所述客戶端的該KYC資料時,透過區塊鏈交易發布對應所述客戶端的所述KYC資料請求合約,並且將所述KYC資料請求合約註冊在該KYC資料請求註冊合約中,用以觸發該請求註冊事件產生一資料請求通知 Step 250‧ ‧ The financial terminal issues the KYC data request contract corresponding to the client through the blockchain transaction when requesting the KYC data of the client, and registers the KYC data request contract in the KYC data request In the registration contract, a data request notification is generated to trigger the request registration event
步驟260‧‧‧所述客戶端偵測到該資料請求通知且其包含的該帳號地址與所述客戶端其中之一相符後,由相符的該客戶端自該區塊鏈網路中讀取對應該客戶端的該KYC資料合約以獲得其中的該帳號地址、每一資料項目的該第一加密內容及每一資料項目的該雜湊簽章值,並且允許設定每一資料項目的一授權權限 Step 260‧‧‧ The client detects the data request notification and the account address included in the account matches one of the clients, and the matching client reads from the blockchain network Corresponding to the KYC data contract of the client to obtain the account address, the first encrypted content of each data item, and the hash signature value of each data item, and allow an authorization authority for each data item to be set.
步驟270‧‧‧所述客戶端根據該授權權限及一客戶端私鑰對獲得的每一資料項目的該第一加密內容進行解密,以及產生一組密鑰對解密後的每一資料項目進行加密生成相應的一第二加密內容,再以一金融端公鑰對該組密鑰進行加密生成一組加密密鑰,並且傳送每一資料項目的該第二加密內容、每一資料項目的該雜湊簽章值及該組加密密鑰以觸發該授權回應事件產生一授權回應通知 Step 270 ‧ ‧ the client decrypts the first encrypted content of each data item obtained according to the authorization authority and a client private key, and generates a set of keys for each decrypted data item Encrypting generates a corresponding second encrypted content, and encrypting the set of keys with a financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the data item of each data item The hash signature value and the set of encryption keys to trigger the authorization response event to generate an authorization response notification
步驟280‧‧‧所述金融端持續偵測該KYC資料請求註冊合約的該授權回應事件,當該授權回應事件被觸發產生該授權回應通知後,接收每一資料項目的該第二加密內容、每一資料項目的該雜湊簽章值及該組加密密鑰,並且以一金融端私鑰解密該組加密密鑰以獲得該組密鑰,再以該組密鑰解密每一資料項目的該第二加密內容 Step 280‧‧ The financial terminal continuously detects the authorization response event of the KYC data request registration contract, and when the authorization response event is triggered to generate the authorization response notification, receiving the second encrypted content of each data item, The hash signature value of each data item and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain the set of keys, and decrypting each data item with the set of keys Second encrypted content
步驟290‧‧‧所述金融端根據一權責端公鑰及每一資料項目的該雜湊簽章值,對已解密的每一資料項目執行雜湊值及簽章的驗證,並且在通過驗證且確認該雜湊簽章值由該權責端生成時,對已解密的每一資料項目進行審閱 Step 290‧‧ The financial terminal performs the verification of the hash value and the signature on each data item that has been decrypted according to the weighted public key and the hash signature value of each data item, and is verified and Confirm that the hash signature value is generated by the authority, and review each data item that has been decrypted.
步驟291‧‧‧該權責端於初始時,透過區塊鏈交易發布一KYC執行註冊合約,用以記錄至少一KYC資料執行合約的執行結果,所述KYC資料執行合約記錄所述金融端審閱過的每一資料項目及其簽章 Step 291 ‧ ‧ The responsibilities at the initial stage, a KYC execution registration contract is issued through the blockchain transaction for recording the execution result of at least one KYC data execution contract, the KYC data execution contract record Every data item and its signature
步驟292‧‧‧該權責端於初始時,透過區塊鏈交易發布一帳號連結合約,用以儲存每一客戶端對應的至少一帳號地址,使所述帳號地址對應同一該KYC資料,以及允許新增或刪除所述帳號地址,並且在所述金融端驗證所述帳號地址後,允許以不同的所述帳號地址接收同一該KYC資料 Step 292 ‧ ‧ </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> Allowing to add or delete the account address, and after verifying the account address by the financial terminal, allowing the same KYC data to be received with different account addresses
第1圖為本發明具隱密性的KYC資料共享系統之系統方塊圖。 第2A圖至第2C圖為本發明具隱密性的KYC資料共享方法之方法流程圖。 第3圖為應用本發明上傳KYC資料之示意圖。 第4圖為應用本發明於權責端加密及簽章資料項目之示意圖。 第5圖為應用本發明於客戶端進行加解密之示意圖。1 is a system block diagram of a hidden KYC data sharing system of the present invention. 2A to 2C are flowcharts showing the method of the hidden KYC data sharing method of the present invention. Figure 3 is a schematic diagram of uploading KYC data by applying the present invention. Figure 4 is a schematic diagram of the application of the present invention to the rights-side encryption and signature data items. Figure 5 is a schematic diagram of the encryption and decryption performed on the client by applying the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106116442A TWI644556B (en) | 2017-05-18 | 2017-05-18 | Know your customer (kyc) data sharing system with privacy and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106116442A TWI644556B (en) | 2017-05-18 | 2017-05-18 | Know your customer (kyc) data sharing system with privacy and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI644556B true TWI644556B (en) | 2018-12-11 |
TW201902179A TW201902179A (en) | 2019-01-01 |
Family
ID=65432095
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW106116442A TWI644556B (en) | 2017-05-18 | 2017-05-18 | Know your customer (kyc) data sharing system with privacy and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI644556B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109858911A (en) * | 2019-01-31 | 2019-06-07 | 京东数字科技控股有限公司 | Qualification verification method, device, system, equipment and readable storage medium storing program for executing |
CN110209691A (en) * | 2019-06-11 | 2019-09-06 | 优赋全球(北京)网络科技有限公司 | A kind of data processing method and device |
CN111179067A (en) * | 2019-12-31 | 2020-05-19 | 杭州趣链科技有限公司 | Block chain-based customer information exchange system between banks |
TWI695293B (en) * | 2019-03-29 | 2020-06-01 | 天逸財金科技服務股份有限公司 | Method, system and server for protection mechanism of digital signature certificate |
TWI707571B (en) * | 2019-02-27 | 2020-10-11 | 香港商阿里巴巴集團服務有限公司 | Method and device for storing and calling private key of blockchain account |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140358778A1 (en) * | 2013-05-31 | 2014-12-04 | IDMission LLC | Multi-level know your customer (kyc) data collection and verification |
US9397985B1 (en) * | 2015-04-14 | 2016-07-19 | Manifold Technology, Inc. | System and method for providing a cryptographic platform for exchanging information |
US20160260169A1 (en) * | 2015-03-05 | 2016-09-08 | Goldman, Sachs & Co. | Systems and methods for updating a distributed ledger based on partial validations of transactions |
US20170046651A1 (en) * | 2015-08-13 | 2017-02-16 | The Toronto-Dominion Bank | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers |
WO2017027900A1 (en) * | 2015-08-14 | 2017-02-23 | Identitii Pty Ltd | A computer implemented method for processing a financial transaction and a system therefor |
US20170124556A1 (en) * | 2015-10-21 | 2017-05-04 | Manifold Technology, Inc. | Event synchronization systems and methods |
-
2017
- 2017-05-18 TW TW106116442A patent/TWI644556B/en active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140358778A1 (en) * | 2013-05-31 | 2014-12-04 | IDMission LLC | Multi-level know your customer (kyc) data collection and verification |
US20160260169A1 (en) * | 2015-03-05 | 2016-09-08 | Goldman, Sachs & Co. | Systems and methods for updating a distributed ledger based on partial validations of transactions |
US9397985B1 (en) * | 2015-04-14 | 2016-07-19 | Manifold Technology, Inc. | System and method for providing a cryptographic platform for exchanging information |
US20170046651A1 (en) * | 2015-08-13 | 2017-02-16 | The Toronto-Dominion Bank | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers |
WO2017027900A1 (en) * | 2015-08-14 | 2017-02-23 | Identitii Pty Ltd | A computer implemented method for processing a financial transaction and a system therefor |
US20170124556A1 (en) * | 2015-10-21 | 2017-05-04 | Manifold Technology, Inc. | Event synchronization systems and methods |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109858911A (en) * | 2019-01-31 | 2019-06-07 | 京东数字科技控股有限公司 | Qualification verification method, device, system, equipment and readable storage medium storing program for executing |
TWI707571B (en) * | 2019-02-27 | 2020-10-11 | 香港商阿里巴巴集團服務有限公司 | Method and device for storing and calling private key of blockchain account |
US11251961B2 (en) | 2019-02-27 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Methods and apparatuses for storing or invoking blockchain account private keys |
TWI695293B (en) * | 2019-03-29 | 2020-06-01 | 天逸財金科技服務股份有限公司 | Method, system and server for protection mechanism of digital signature certificate |
CN110209691A (en) * | 2019-06-11 | 2019-09-06 | 优赋全球(北京)网络科技有限公司 | A kind of data processing method and device |
CN111179067A (en) * | 2019-12-31 | 2020-05-19 | 杭州趣链科技有限公司 | Block chain-based customer information exchange system between banks |
CN111179067B (en) * | 2019-12-31 | 2023-06-27 | 杭州趣链科技有限公司 | Inter-bank customer information exchange system based on blockchain |
Also Published As
Publication number | Publication date |
---|---|
TW201902179A (en) | 2019-01-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3607728B1 (en) | Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain | |
CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
TWI709314B (en) | Data processing method and device | |
TWI644556B (en) | Know your customer (kyc) data sharing system with privacy and method thereof | |
US10079682B2 (en) | Method for managing a trusted identity | |
CN101490689B (en) | Content control system and method using certificate chains | |
CN111147432B (en) | KYC data sharing system with confidentiality and method thereof | |
US9064129B2 (en) | Managing data | |
CN108768933B (en) | Autonomous supervision digital identity authentication system on block chain platform | |
TWI629658B (en) | Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof | |
TWI622949B (en) | Know your customer (kyc) data marking dispute relief system with multiple secret key and method thereof | |
CN104980477A (en) | Data access control method and system in cloud storage environment | |
CN106027503A (en) | Cloud storage data encryption method based on TPM | |
KR102131206B1 (en) | Method, service server and authentication server for providing corporate-related services, supporting the same | |
WO2021169767A1 (en) | Data processing method and apparatus, device and medium | |
TW201913529A (en) | Confirmation system based on blockchain smart contract and method thereof | |
KR20220109099A (en) | Electric power brokerage method and system with enhanced data confidentiality and integrity based on blockchain | |
WO2021114495A1 (en) | Supply chain transaction privacy protection system and method based on blockchain, and related device | |
WO2021134897A1 (en) | Blockchain supply chain transaction hidden dynamic supervision system and method | |
CN113706261A (en) | Block chain-based power transaction method, device and system | |
US20230107805A1 (en) | Security System | |
CN115022039A (en) | Information processing method, apparatus, device, storage medium, and computer program product | |
TWI646489B (en) | Know your customer (kyc) data marking system with dispute relief mechanism and method thereof | |
JP6524556B2 (en) | Authentication key replication system | |
CN116167766A (en) | Asset evidence-passing method and related device |